Why did the other missions not undergo the same disaster that 13 had if all the components were built by the same manufacturer under the same specs?
The oxygen tank that exploded had been dropped a couple of inches and the tube to empty the tank was damaged. At one point to purge the tank the heaters were turned on to boil off the oxygen but due to excess voltage the temperature inside the tank got hot enough to melt the insulation on the wiring.
It was a unique set of circumstances that happened to that tank.
For the same reason that not all engines on Airbus aircraft shed a fan blade and catch fire. Or that if a wheel falls off one truck, the wheels will fall off all the other trucks made by the same manufacturer. Why on Earth would it?
Same spec and same manufacturer doesn’t mean identical product. Otherwise you could time the failure of components to the day. You will always have random variations, even within spec.
Incidentally, the tank which exploded had been installed before for an earlier mission and removed before launch and then reused on Apollo 13.
The mission it was removed from? Apollo 10, the dress rehearsal for the Lunar Landing. An accident there would have set the project back months, maybe years.
It took another mistake to cause the problem, but the same mistake was probably in earlier Apollos too though, a bit irrelevant, but since it’s an engineering philosophy question…
There was a thermometer - but it didn’t report temperatures as high as the dangerous range correctly, it was reporting the temperature was the expected temperature, being the maximum of the safe operating range, even though the actual temperature was rising above the designed-for range. See, no one had considered what happened above the designed-for range… and the thermometer couldn’t even measure that! Basic idea there… always have a meter that shows a little beyond the operating range, so that you can see if the operating range is exceeded… or if the meter is defective.
Exactly. Engineers generally don’t have a problem with an item that fails at a certain point - you can compensate for that. The big problem engineers have is with items which become unpredictable in some circumstances.
Why did I run over a nail with a fairly new tire, plug my tire myself, and drive on it for two years, and then suddenly have the plug start to leak, even though there was plenty of tread on the tire? I double plugged it, and it held for eight more months, then I had to replace the tire. It gave me enough time to save money to replace both front tires.
We don’t live in a mathematically perfect world, and there is a certain amount of randomness.
That reminds me of a scene in the book Jurassic Park. They’re counting dinosaurs to make sure none were missing. The monitor counted the expected 300 animals. But the dinosaurs were breeding, which was a problem. It turns out that since they expected to have 300 dinosaurs, their computer counted to 300 and then stopped counting.
The failure on Apollo 13 was a Swiss Cheese failure. Lots of things lined up to make it happen. (Similarly, things lined up to get them home again - had it failed after the lunar landing they would not have made it.) The above issues contributed. The tank was dropped a few inches dislodging the fill tube. The subsequent inability to syphon off the LOX after a test led to the decision to boil the LOX off, and it was there that the unfortunate thermometer specification led to failure to notice the real problem. The real problem was that there was a design flaw - one that was the result of a classic problem in design change management. The voltage range for the heater in the tank had been changed. In addition to being powered internally at 28 volts, the system was redesigned to also be powered from ground based power at 65 volts. No big deal, but a thermostatic switch, rated for use at 28 volts, was missed, and was now operating outside of its design spec. When they boiled the tank dry the switch simply welded itself shut. So the heater never turned off. The heater, sitting in a tank of LOX, managed to get the tank to about 1000F and wreck the insulation. It wasn’t that the thermometer should have read a bit higher than they thought, it needed to expose the existence of a massive disaster in the tank. The tank was wrecked before they launched. The third time they did a cryo-stir it set fire to its Teflon insulation. (Which is quite a feat, but being immersed in a ready supply of pure oxygen is a good start.) It then exploded.
A significant reason the other missions didn’t suffer the same (or related) failure was that Apollo 13 did. All the service modules were redesigned with a backup LOX tank, and little issues like the wrongly rated switch were fixed before the next flight.
I really liked the book. It was a fun romp.
But I hated the smartass chaos theory mathematician.
All he could say was,
–“It’ll never work.”
–“Why not.”
–“’Cuz chaos.”
LATER, when problems, fun, & hijinx ensue, he’s all over the place pointing out flaws in the design.
The dislodging of the fill tube was itself a swiss cheese failure. Several parts of the tube were built right at the edge of their specified tolerances, and they were all just barely in tolerance in the right way to make the entire assembly barely hold in place. Wouldn’t have been a problem normally. The entire assembly that the oxygen tank was mounted on was being removed from a service module that it had been temporarily installed in, but the person disconnecting the assembly missed one of the bolts holding it in place. When they tried to lift the assembly out of the service module, the bolt held it in place, the entire module lifted slightly, and then the fixture attaching the crane to the assembly broke and everything dropped back down. Wouldn’t have been a problem, but the shock was enough to jar the fill tube loose. The module was inspected, but nobody noticed the loose fill tube because it was buried inside a sealed tank. It was a long chain of minor accidents any of which wouldn’t individually have caused a problem.
Yes, but this was a highly specialized electronic component built and inspected very carefully. If a fan blade on a jet engine failed you would be sure that all other fan blades would be checked.
Every part that is energized or mechanically exercised will fail at some point. The engineer’s job is to make sure that the point at which failure occurs (number of operating cycles, or duration against environments, or age, or so forth) will be more/longer than the operational lifetime of the component, with sufficient margin to accommodate parts that are weaker than the mean. However, random failures due to latent (unscreenable) defects, loads or environments that exceed the predicted maximums, or system failures (where a combination of conditions creates a failure condition that isn’t exercised in component level testing) are always possible, hence why most critical aerospace systems are designed with as much redundancy as weight and performance will allow.
And Francis Vaughan is correct that the crew of Apollo XIII was fortunate that the failure occurred when it did. Had it occurred earlier, before the CSM linked up with the LM, or after the lunar landing, they would not have been able to use the LM as either a lifeboat or a propulsion system for the duration necessary to return to Earth, and they would have been dead. People like to point at Apollo XIII as an example of how astronauts can improvise their way out of a serious anomaly, but in fact nearly all of the methods employed in the recovery had been previously vetted and documented, and the astronauts got very lucky that it happened just so at the best possible time and without damaging the crucial heat shield on the CM. Space is very, very unforgiving, and the notion of working out problems in situ is a deadly way to approach the hazards.
Stranger
Question for you.
I understand the post-landing issue, but haven’t really thought about the beginning of the mission issues. The CSM linked up with the LM 40 minutes after TLI if I’m reading the timeline correctly.
And even if it’s post separation from the S-IVB wouldn’t it be possible to reconnect and use the S-IVB engine? Would it have had enough thrust left to return to earth orbit?
Alternately it seems they would have had to risk the damaged SM engine, which would have been impossible to control, yes?
The S-IVB 3rd stage was expended of propellant – it was of no help.
The SM engine was feared damaged, and the risk of trying to burn it was judged too great. In fact the engine bell was dented although they did not know this until they took photos of it right before reentry. Most rocket engines use regenerative cooling where many fine pipes circulate the propellant through the nozzle. Normally any small ding or impact risks rupturing the cooling lines and causing a burn through.
However the SPS engine uses ablative cooling, which was simpler. Despite this due to the dent in the engine bell there would have been a risk of a dangerous pressure buildup had the engine been ignited. They didn’t even know about that at decision time, and this shows how conservatism was the wise course.
The other main problem was lack of electrical power, without which the SPS engine could not be used. They only had a very short period to get control transferred to the LM before the entire CSM was dead. There just wasn’t enough time to try it even had it been safe.
The only other unexplored option would have been to jettison the heavy inert Service Module, thus lightening the remaining vehicle, and immediately burn the LM descent engine almost to depletion. This would also have resulted in an “about face” direct abort, and a much quicker return. However there were several risks with this:
(1) There was only a small time window before they were too far from earth for this to work. They didn’t safely have enough time to calculate the trajectory, get the vehicle in the unusual configuration and do the burn.
(2) It would have required virtually all the propellant in the descent stage. If the slightest error was made in guidance, navigation or control during the burn, they would have had no extra propellant to correct this.
(3) It would have exposed the critical CM heat shield to the space environment for long periods of time. It was not designed or tested for this, only for very brief periods after SM jettison before reentry. They didn’t have time to run thermal tests to validate this before the decision point came for doing the burn, so they didn’t take this path.
joema has accurately addressed the questions of the S-IVB having all propellant expended and the potential damage to the Service Module engine, but as far as reconnecting the CSM to the S-IVB, no, it isn’t possible. I can’t find a good detail on the joints, but this graphic shows the phases of a typical Apollo lunar landing mission. In Step 5 the CSM separates from the S-IVB and forward interstage, and you can see how the interstage “petals” into four pieces to expose the LM so the CSM can dock with it and extract it. (The graphic has an error; the petals don’t fly free but actually remain connected to the S-IVB as shown in this picture of the Apollo VII S-IVB post-separation.) At that point, there is neither a mechanical nor an electrical/control cable connection to the S-IVB, so even if propellant weren’t expended it is still not reusable.
Stranger
The Apollo Program really liked to use explosive bolts and cutting charges to disconnect things. Very few parts of the Saturn and Apollo could be reconnected after separating. Only the docking mechanism between the CSM and Apollo was designed for repeated connection/disconnection cycles, and even that had an explosive charge to blow it off the CSM after the last time it was used.
There was some limited ground control of the S-IVB and it had its own “ullage” thrusters. These were used after spacecraft separation to nudge the trajectory to a lunar impact to obtain seismographic data from instruments previously placed on the surface. However the available delta-V was very low – far too little to help the Apollo 13 situation.
The other issue is I don’t think the S-IVB could even ignite again – even if it had propellant. Unlike the hypergolic engines in the CSM and LM, it was a cryogenic H2/O2 stage and required a specific start sequence, APU duration, etc. This was all pre-planned for a single earth orbit restart for the trans-lunar injection burn, and that was it.
But that is a non-issue since I believe the S-IVB propellants were burned to physical depletion not to a specific cutoff point. It had a special system to ensure both fuel and oxidizer were simultaneously depleted so there would be no residuals in either tank.
According to Wikipedia, which unfortunately lacks a source in this case, the petals flew free for all missions after Apollo 7:
*TD&E was performed on all Apollo missions from Apollo 9 onward, as these flights carried the LM. The maneuver was first practiced on the Earth-orbiting Apollo 7 flight, but the S‑IVB utilized a LM fairing adapter that did not separate from the S‑IVB, so the crew could not approach the S‑IVB in fear that the adapter “petals” would strike the Apollo CSM. This was corrected with all flights commencing with Apollo 8 when the fairing “petals” would fall away from the S‑IVB.*
Slight nitpick: while “explosive bolts” are a real ordnance item, they’re rarely used on spacecraft except on the ground system for hold down because they generate such a high pyroshock and produce debris. Linear shaped charges are often used for flight termination systems but the high shock makes them unsuited to normal stage separation on delicate crewed systems.
Most systems today use a combination of frangible nuts (in which there is a threaded rod with nuts on both sides of the joint which are captured by a cage or lanyard) and separating/frangible rails which have a confined expanding “detonating fuse” charge that essentially pries the joint open (albeit operating in the millisecond range). On occasion a severing bolt cutter will be used, often in conjunction with a Marman/V-band clamp but it can develop a high pyrotechnic shock as well as the released mechanical energy. Of course, SpaceX has gone the route of using all pneumatic non-ordnance devices for separation except for FTS, which has its own challenges in reliability and complexity, but gets away from both the high pyroshock shock environment (just lower frequency mechanical stored energy) and has almost no potential to produce debris under normal operation.
Stranger